|
ASAP Update - 21 April 2008
ENHANCEMENTS IN THIS ASAP UPDATE INCLUDE:
Product: DbProtect Vulnerability Assessment Scan Engine (AppDetective)
IBM DB2
-
NEW! DB2 DAS Memory Corruption Vulnerability
Examines if the database is vulnerable to a critical vulnerability in the database manager service.
Risk: High
-
NEW! Multiple DoS vulnerabilities in SQLJRA protocol
Examines if the database is vulnerable to critical denial of service attacks.
Risk: High
-
NEW! SRVCON_AUTH CLIENT authentication
Examines if the authentication type in the SRVCON_AUTH parameter has been set to CLIENT.
Risk: High
-
NEW! SRVCON_AUTH SERVER authentication
Examines if the authentication type in the SRVCON_AUTH parameter has been set to SERVER.
Risk: High
-
NEW! GSSPLUGIN authentication
Examines if the authentication type has been set to GSSPLUGIN.
Risk: Medium
-
NEW! SYSMAINT_GROUP configuration option
Examines the value for the parameter SYSMAINT_GROUP set in the database manager configuration file.
Risk Level: Informational
-
NEW! SYSMON_GROUP configuration option
Examines the value for the parameter SYSMON_GROUP set in the database manager configuration file.
Risk Level: Informational
-
NEW! SYSCTRL_GROUP configuration option
Examines the value for the parameter SYSCTRL_GROUP set in the database manager configuration file.
Risk Level: Informational
-
NEW! SYSADM_GROUP configuration option
Examines the value for the parameter SYSADM_GROUP set in the database manager configuration file.
Risk Level – Informational
MICROSOFT SQL SERVER
ORACLE
DISCOVERY
- Performance enhancements on port scanning in discovery
COMPLIANCE
- Added mapping of NIST 800-53 controls to checks
|
